
721 matches found

Cvelist
added 2025/07/16 1:53 p.m., 6 views

CVE-2025-53923 Emlog vulnerable to reflected Cross-site Scripting in admin panel

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...

CVSS 8.2, EPSS 0.00196
Exploits: 1, References: 1

OSV
added 2025/07/04 7:40 a.m., 1 views

BIT-LIMESURVEY-2024-42902

An issue in the jslocalize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the jslocalize.php function...

CVSS 8.8, AI score 7.3, EPSS 0.00215
Exploits: 1, References: 4

Snyk
added 2025/07/03 9:31 p.m., 4 views

Arbitrary Code Injection

Overview bolt/bolt is a sophisticated, lightweight & simple CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via the function modify in the Users.php file. An attacker with valid credentials can execute arbitrary PHP code by injecting malicious input into the...

CVSS 8.8, AI score 8, EPSS 0.67402
Exploits: 1, References: 2

Snyk
added 2025/06/30 5:40 p.m., 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the ScriptEvaluator process. An attacker can execute arbitrary operating system commands by injecting malicious JavaScript code. Remediation Upgrade org.conductoross:java-sdk to version 3.21.13 or higher...

CVSS 9.8, AI score 8, EPSS 0.00677
Exploits: 0, References: 2

Snyk
added 2025/06/24 3:46 p.m., 2 views

Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection via the file uploading process. An attacker can execute arbitrary code, escalate privileges, access...

CVSS 8.5, AI score 7.9, EPSS 0.00083
Exploits: 0, References: 2

Snyk
added 2025/06/24 3:46 p.m., 3 views

Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection via the file uploading process. An attacker can execute arbitrary code, escalate privileges, access...

CVSS 8.5, AI score 8.2, EPSS 0.00083
Exploits: 0, References: 2

Snyk
added 2025/06/20 1:3 a.m., 2 views

Arbitrary Code Injection

Overview jsonpath is a Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval...

CVSS 9.8, AI score 6.8, EPSS 0.00125
Exploits: 0, References: 3

Snyk
added 2025/06/20 1:3 a.m., 2 views

Arbitrary Code Injection

Overview org.webjars.npm:jsonpath is a Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on th...

CVSS 9.8, AI score 6.8, EPSS 0.00125
Exploits: 0, References: 3

Snyk
added 2025/06/19 7:55 p.m., 8 views

Arbitrary Code Injection

Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /locales/locale.json endpoint when processing the locale and namespace query parameters. An attacker can execute arbitrary code on the server by sending...

CVSS 10, AI score 6.2, EPSS 0.12525
Exploits: 27, References: 2

VulnCheck KEV
added 2025/06/18 12:0 a.m., 1 views

VulnCheck KEV: CVE-2022-42045

Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...

CVSS 6.7, AI score 5.8, EPSS 0.00836
Exploits: 1, References: 1

Snyk
added 2025/06/13 2:41 p.m., 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via script pluginmodel.rb. An attacker can upload a crafted requirements.txt file with a malicious plugin. Remediation There is no fixed version for openc3. References - PoC - Vulnerable Code...

CVSS 9.8, AI score 7.4, EPSS 0.04038
Exploits: 1, References: 2

Veracode
added 2025/06/09 8:32 a.m., 9 views

Arbitrary Code Injection

org.hibernate.validator:hibernate-validator is vulnerable to Arbitrary Code Injection. The vulnerability is due to expression language injection due to interpolation of user-supplied input in constraint violation messages using Expression Language, which may allow attackers to access sensitive da...

CVSS 7.3, AI score 7.7, EPSS 0.01693
Exploits: 10, References: 15, Affected Software: 1

Exploit DB
added 2025/06/09 12:0 a.m., 392 views

Laravel Pulse 1.3.1 - Arbitrary Code Injection

!/usr/bin/env python3 Exploit Title: Laravel Pulse 1.3.1 - Arbitrary Code Injection Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Laravel Pulse v1.2.0 / Ubuntu 22.04 / Apache2 CVE: CVE-2024-55661 Type: Remote Code Execution via...

CVSS 8.8, AI score 8.8, EPSS 0.56982
Exploits: 3

Snyk
added 2025/06/03 7:43 p.m., 3 views

Arbitrary Code Injection

Overview org.hibernate:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An attacker can...

CVSS 7.3, AI score 6.1, EPSS 0.01693
Exploits: 10, References: 2

Snyk
added 2025/06/03 7:43 p.m., 4 views

Arbitrary Code Injection

Overview org.hibernate.validator:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An...

CVSS 7.3, AI score 7.7, EPSS 0.01693
Exploits: 10, References: 2

Snyk
added 2025/05/29 3:42 p.m., 3 views

Arbitrary Code Injection

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Arbitrary Code Injection through the RestrictedPythonQuery class. An attacker can manipulate the argument Query to bypass sandbox restrictions by leveraging the...

CVSS 9.9, AI score 7.2, EPSS 0.00376
Exploits: 1, References: 2

RedhatCVE
added 2025/05/23 8:37 a.m., 5 views

CVE-2024-32653

jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...

CVSS 6.1, AI score 7.7, EPSS 0.0006
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:39 a.m., 3 views

CVE-2023-26107

All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...

CVSS 7.8, AI score 7.3, EPSS 0.00212
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 4:37 a.m., 5 views

CVE-2023-44120

A vulnerability has been identified in Spectrum Power 7 All versions V23Q4. The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access...

CVSS 7.8, AI score 7.3, EPSS 0.00064
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:38 p.m., 3 views

CVE-2021-25919

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...

CVSS 4.8, AI score 6.5, EPSS 0.32457
Exploits: 0